Compliance with Privacy Obligations
- CWG XB Pty Ltd (ACN 621 963 504) (‘XTEND’) its related bodies corporate and franchisees of XTEND (collectively referred to as XTEND or our or we) is a boutique fitness studio which offers fitness classes both online and in physical locations (Services).
- XTEND values its customers and their concerns about privacy and engages in consistent information practices and uses its best efforts to make clear disclosures regarding those practices.
- XTEND is bound by the Australian Privacy Principles set out in Schedule 1 of the Act. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at oaic.gov.au.
- XTEND is dedicated to ensuring that personal and sensitive information is gathered with respect to the individual and aims to exercise the highest standard of care in preserving privacy of information in all areas of operation.
- The information about individuals’ health collected by XTEND is handled in compliance with applicable State and Territory health records legislation.
Collection of Personal and Sensitive Information
- The types of Personal Information generally collected by us include your name, address, date of birth, mobile and telephone numbers, e-mail address, credit card or bank account details, occupation and employer, driver’s licence number and emergency contact details. Personal Information is also collected when individuals provide business cards or other documentation to us containing such Personal Information, including completion of a Membership Agreement and a Health Questionnaire. Personal Information also includes information we collect in the course of providing the Services to individuals and via external communications.
- We may also collect behavioural and/or statistical information about individuals or businesses in connection with the Services.
- The types of Sensitive Information generally collected by us includes (but is not limited to) information relating to health information, health issues or any disabilities that are necessary to properly advise you about fitness training. The types of health-related information include medical history, whether individuals are using medication, smoke or are pregnant and other health related information. We will obtain specific consent in circumstances where it is necessary to collect Sensitive Information.
- Other Sensitive Information that may be required to be collected by XTEND may include health, immunisation, vaccination, or other health information which ensures we are able to comply with our legal obligations or risk assessments. This includes, but is not limited to, obtaining vaccination and immunisation records or information in respect of and in response to any pandemic or epidemic (including Covid-19) where government regulations or public health orders apply to the provision of Services.
- Without limiting the way in which we may collect your Personal Information, this will generally occur in association with your use or utilisation of the Services, if you make an enquiry about XTEND (either online, via telephone or at an XTEND studio) or via generally dealing with us directly.
Use of Personal and Sensitive Information
- Any Personal or Sensitive Information that we collect about individuals will be used and disclosed by us to provide the Services required or otherwise to enable us to carry out our functions.
- We also collect your Personal Information so that we can carry out the following actions:
- to communicate with you, including about our Services and offers which might interest you;
- to provide you with information;
- to process payments by you or to you in connection with our Services;
- to create accounts, tax invoices or receipts (electronic or otherwise);
- to provide your Personal Information to third parties in order to them to supply some aspect of the Services;
- to consider and respond to communications or complaints made by you.
- XTEND will disclose Personal Information if it is under a legal requirement to do so (for example, under a court order, or if required under legislation), or if an authorised request is made from a law enforcement agency.
Information provided by Franchisees
- Information of a personal and sensitive nature is provided to XTEND by its potential franchisees. The information is used to evaluate the suitability of the applicants becoming XTEND franchisees. XTEND may make enquiries and check accuracy of information at the consent of the potential franchisees, this will be the only time XTEND may disclose such information to third parties unless required in accordance with the Act.
- It is at the discretion of an applicant to provide information requested; however, this may obstruct the process of assessing their suitability. The Personal Information of successful applicant will form part of an ongoing franchisee record. Should the application be unsuccessful, the applicant will be given the opportunity to have the collected information returned or permanently destroyed.
Information provided by employees
- Any employment application provided to XTEND will be used solely for the purpose of analysing or considering the suitability for an available position. Personal Information will only form part of an employee record if the application is successful. The Personal Information about employees will only be disclosed by XTEND if required by law to authorised government agencies i.e. Australian Taxation Office or as otherwise directed or consented to by employee.
- Any unsuccessful applications will remain on file to be revisited should suitable opportunities arise in the future. If required or requested by the applicant, applications (including the Personal Information contained therein) may be returned or permanently destroyed.
Online Platform Privacy
- our website: https://www.xtend.com.au
- our digital or online applications (including the XTEND App) as developed from time to time;
- our social media accounts or profiles, such as (without limitation) Facebook, Instagram, YouTube, and Twitter (but at all times being subject to the terms and conditions of use and privacy policies of the websites hosting those accounts or profiles); and/or
- any other online or digital platforms or software from which XTEND may provide the Services or you may communicate with XTEND.
- XTEND will handle Personal Information collected online with the utmost care and will not knowingly use it in ways not explicitly consented to by you.
- XTEND will handle Personal Information collected online consistently with the way that it handles Personal Information collected offline. Other matters specific to our handling of Personal Information online are set out below.
- No Personal Information is collected by XTEND when individuals visit our Online Platforms, unless they chose to provide it to us (for example, by sending us emails through our Online Platforms). However, we may collect certain data that does not identify individuals (sometimes called “web log information”) when they visit certain pages (such as the type of browser and operating system they have). We may also use “cookies” which are small files that are stored on computer and that manage the security and navigation process of the site. Users can choose to block these cookies, but some portions of the site may not function correctly if they do. This type of data is collected for statistical purposes only, and while cookies will identify a computer, they are unlikely to identify users personally.
- We will not distribute our marketing material via SMS unless customers have consented to this. This is a requirement of the Spam Act 2003 (Cth). Further, you can unsubscribe from our e-newsletter or other bulletins by using the “unsubscribe” facility contained in each electronic publication we send. Occasionally, XTEND may send promotional email messages to prospective customers to market a service or activity. This will only be done on the reasonable belief that customers would be interested in the subject matter. In every case customers will be provided with clear and simple instructions on how to be removed from our mailing list.
Site Security Policy
Apple Health & Google Health
- Our Online Platforms (and particularly the XTEND application) contain capabilities of collecting your Personal Information and Sensitive Information via the use of those Online Platforms. Specifically, this may occur via the integration between the XTEND Online Platforms (including our API) and third-party affiliated applications such as Apple Health or Google Health.
- The collection of Personal Information via any third-party integrated or affiliated applications and/or software will be subject to the privacy policies and practises of those third parties. The Apple and Google privacy statement and information may be obtained via:
- Apple: https://www.apple.com/legal/privacy/en-ww/
- Google: https://safety.google/privacy/data/
Hyperlinks to other Websites
Social Networking Acceptable Use Policy
- XTEND encourages all comments on any of our social networking pages (Facebook, Instagram YouTube, Twitter etc.), as we would like to hear from our followers, customers, fans, clients, friends, and staff. Customer views, news, ideas, insights, and criticisms about XTEND are very important to us, yet the social networking sites must not be used to abuse others, expose others to offensive or inappropriate content, or for any illegal or unlawful purpose.
- It is the user’s responsibility to protect their personal privacy when using our social networking pages. We advise users not to include any Personal Information of either themselves or of others in their published posts or comments (such as email addresses, private addresses, or phone numbers).
- In addition, it is recommended to refrain from posting materials to any of our social media pages or profiles that infringe the intellectual property rights of others and not to include internet addresses or links to websites, or any email addresses in such published posts.
- Any information posted to the XTEND Social Networking pages (Facebook, Instagram, YouTube, Twitter, and others) is recorded and used for the purpose of administering pages and addressing any comments made, while no attempt will be made to identify users except where authorised by law.
- We are not responsible for the privacy practices or content of social networking pages (Facebook, Instagram, YouTube, Twitter, and others). The responsibility of XTEND is limited to our own published posts made on the official XTEND Australia social media accounts.
- We may use your Personal Information in de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. We may also provide, including by way of sale, de-identified information in aggregated form, to third parties. This information may include (but is not limited to):
- age demographics;
- purchasing trends;
- trends and statistics in relation to the Services;
- statistics about purchasing patterns of the Services;
- statistics surrounding the Services.
- When your Personal Information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
- We use all reasonable endeavours to secure any Personal or Sensitive Information that we hold and aim to keep this information accurate and up-to-date. Technical and organisational security measures are in place to ensure the security of information and to protect it against deliberate or accidental manipulation, destruction, use, disclosure loss or unauthorised access.
- Personal and Sensitive Information is stored behind industry standard firewalls and where applicable, protected by usernames and passwords. Where appropriate, Personal and Sensitive Information is kept within a locked storage room.
Access and correction of your Personal Information
- The access to Personal Information that we and/or our contractors hold can be obtained on request. It is at the discretion of XTEND to provide this information to individuals, depending upon legal circumstances or our obligations. Users are entitled to tell us if they do not wish us to hold their information, we will remove all such information from our database. Individuals also have the right to ask us to correct information about them, which is inaccurate, incomplete or out of date.
- If you wish to seek access to, correction of or deletion of Personal Information that XTEND holds about you, please contact us at firstname.lastname@example.org.We may ask you to put your request in writing. It is important to us that the Personal Information we hold about you is accurate, complete, and up to date.
- You can either provide a written request or complaint at one of our studios, or you can contact our Privacy Officer as follows;
- By letter: Privacy Officer, XTEND, Level 2, 71 Longueville Rd, Lane Cove, NSW, 2066, Australia;
- By email to email@example.com
- We will make all reasonable attempts to respond to your complaints or requests.
CCTV Cameras and Surveillance
- We undertake an ongoing video recording in every XTEND studio for the purpose of ensuring security and the safety of all XTEND members and occupants in every studio via CCTV cameras, recording the time and date at which images are taken.
- Video recordings can be accessed only by authorised staff.
- Video recordings of a specific incident may be released to the NSW Police Service only under the terms of this policy or subject to the execution of a search warrant or other legal process and only with the approval of XTEND Company Secretary.
- If you are:
- a resident of the European Union accessing our online platforms or attending an XTEND studio in Australia; or
- accessing our online platforms or receiving our Services from within the European Union,
then in addition to our obligations under the Act, XTEND is required to comply with the General Data Protection Regulation (EU) 2016.679 (GDPR) with respect to your Personal Information.
Level 2, 71 Longueville Rd,
Lane Cove NSW 2066, Australia
02 9415 5300